diff options
| author | Andrew Dolgov <[email protected]> | 2013-03-22 09:14:55 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2013-03-22 09:14:55 +0400 |
| commit | 3972bf598195efba3e73ae1fef3faceabeb50308 (patch) | |
| tree | 0e0d6e4570b9f9ba692ffae40b7d170e356c4ec7 /plugins | |
| parent | 9d9432dab87e3887e4f482ac5afff1586530c692 (diff) | |
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/auth_internal/init.php | 8 | ||||
| -rw-r--r-- | plugins/auth_remote/init.php | 12 | ||||
| -rw-r--r-- | plugins/digest/init.php | 8 | ||||
| -rw-r--r-- | plugins/embed_original/init.php | 2 | ||||
| -rw-r--r-- | plugins/example/init.php | 2 | ||||
| -rw-r--r-- | plugins/googleplus/init.php | 2 | ||||
| -rw-r--r-- | plugins/identica/init.php | 2 | ||||
| -rw-r--r-- | plugins/import_export/init.php | 8 | ||||
| -rw-r--r-- | plugins/instances/init.php | 28 | ||||
| -rw-r--r-- | plugins/mail/init.php | 6 | ||||
| -rw-r--r-- | plugins/mailto/init.php | 2 | ||||
| -rw-r--r-- | plugins/note/init.php | 6 | ||||
| -rw-r--r-- | plugins/nsfw/init.php | 2 | ||||
| -rw-r--r-- | plugins/owncloud/init.php | 4 | ||||
| -rw-r--r-- | plugins/pinterest/init.php | 2 | ||||
| -rw-r--r-- | plugins/pocket/init.php | 2 | ||||
| -rw-r--r-- | plugins/share/init.php | 4 | ||||
| -rw-r--r-- | plugins/tweet/init.php | 2 |
18 files changed, 51 insertions, 51 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index cf6c13780..e910e52aa 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -22,8 +22,8 @@ class Auth_Internal extends Plugin implements IAuthModule { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); - $login = db_escape_string($login); - $otp = db_escape_string($_REQUEST["otp"]); + $login = db_escape_string($this->link, $login); + $otp = db_escape_string($this->link, $_REQUEST["otp"]); if (get_schema_version($this->link) > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { @@ -140,7 +140,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function check_password($owner_uid, $password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE id = '$owner_uid'"); @@ -169,7 +169,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function change_password($owner_uid, $old_password, $new_password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); if ($this->check_password($owner_uid, $old_password)) { diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php index 7c8d835f8..7e4638fb2 100644 --- a/plugins/auth_remote/init.php +++ b/plugins/auth_remote/init.php @@ -21,7 +21,7 @@ class Auth_Remote extends Plugin implements IAuthModule { } function get_login_by_ssl_certificate() { - $cert_serial = db_escape_string(get_ssl_certificate_id()); + $cert_serial = db_escape_string($this->link, get_ssl_certificate_id()); if ($cert_serial) { $result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users @@ -29,7 +29,7 @@ class Auth_Remote extends Plugin implements IAuthModule { owner_uid = ttrss_users.id"); if (db_num_rows($result) != 0) { - return db_escape_string(db_fetch_result($result, 0, "login")); + return db_escape_string($this->link, db_fetch_result($result, 0, "login")); } } @@ -38,10 +38,10 @@ class Auth_Remote extends Plugin implements IAuthModule { function authenticate($login, $password) { - $try_login = db_escape_string($_SERVER["REMOTE_USER"]); + $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]); // php-cgi - if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]); + if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]); if (!$try_login) $try_login = $this->get_login_by_ssl_certificate(); # if (!$try_login) $try_login = "test_qqq"; @@ -60,14 +60,14 @@ class Auth_Remote extends Plugin implements IAuthModule { // update user name $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; if ($fullname){ - $fullname = db_escape_string($fullname); + $fullname = db_escape_string($this->link, $fullname); db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " . $user_id); } // update user mail $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; if ($email){ - $email = db_escape_string($email); + $email = db_escape_string($this->link, $email); db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " . $user_id); } diff --git a/plugins/digest/init.php b/plugins/digest/init.php index 2feabe3b4..2fc98b0ec 100644 --- a/plugins/digest/init.php +++ b/plugins/digest/init.php @@ -47,7 +47,7 @@ class Digest extends Plugin implements IHandler { } function digestgetcontents() { - $article_id = db_escape_string($_REQUEST['article_id']); + $article_id = db_escape_string($this->link, $_REQUEST['article_id']); $result = db_query($this->link, "SELECT content,title,link,marked,published FROM ttrss_entries, ttrss_user_entries @@ -67,9 +67,9 @@ class Digest extends Plugin implements IHandler { } function digestupdate() { - $feed_id = db_escape_string($_REQUEST['feed_id']); - $offset = db_escape_string($_REQUEST['offset']); - $seq = db_escape_string($_REQUEST['seq']); + $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']); + $offset = db_escape_string($this->link, $_REQUEST['offset']); + $seq = db_escape_string($this->link, $_REQUEST['seq']); if (!$feed_id) $feed_id = -4; if (!$offset) $offset = 0; diff --git a/plugins/embed_original/init.php b/plugins/embed_original/init.php index b28b2f8ee..0e0eb9603 100644 --- a/plugins/embed_original/init.php +++ b/plugins/embed_original/init.php @@ -36,7 +36,7 @@ class Embed_Original extends Plugin { } function getUrl() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/example/init.php b/plugins/example/init.php index f3788ae8c..926a57da8 100644 --- a/plugins/example/init.php +++ b/plugins/example/init.php @@ -21,7 +21,7 @@ class Example extends Plugin { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); $this->host->set($this, "example", $example_value); diff --git a/plugins/googleplus/init.php b/plugins/googleplus/init.php index 7ae6d1456..6045d2df6 100644 --- a/plugins/googleplus/init.php +++ b/plugins/googleplus/init.php @@ -32,7 +32,7 @@ class GooglePlus extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/identica/init.php b/plugins/identica/init.php index c9aa4118e..8e0ad4b9a 100644 --- a/plugins/identica/init.php +++ b/plugins/identica/init.php @@ -32,7 +32,7 @@ class Identica extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/import_export/init.php b/plugins/import_export/init.php index de21dbf32..61b9a439f 100644 --- a/plugins/import_export/init.php +++ b/plugins/import_export/init.php @@ -49,7 +49,7 @@ class Import_Export extends Plugin implements IHandler { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); echo "Value set to $example_value (not really)"; } @@ -122,7 +122,7 @@ class Import_Export extends Plugin implements IHandler { } function exportrun() { - $offset = (int) db_escape_string($_REQUEST['offset']); + $offset = (int) db_escape_string($this->link, $_REQUEST['offset']); $exported = 0; $limit = 250; @@ -238,7 +238,7 @@ class Import_Export extends Plugin implements IHandler { foreach ($article_node->childNodes as $child) { if ($child->nodeName != 'label_cache') - $article[$child->nodeName] = db_escape_string($child->nodeValue); + $article[$child->nodeName] = db_escape_string($this->link, $child->nodeValue); else $article[$child->nodeName] = $child->nodeValue; } @@ -346,7 +346,7 @@ class Import_Export extends Plugin implements IHandler { $score = (int) $article['score']; $tag_cache = $article['tag_cache']; - $label_cache = db_escape_string($article['label_cache']); + $label_cache = db_escape_string($this->link, $article['label_cache']); $note = $article['note']; //print "Importing " . $article['title'] . "<br/>"; diff --git a/plugins/instances/init.php b/plugins/instances/init.php index 6c0f89e1c..6e8d43e9b 100644 --- a/plugins/instances/init.php +++ b/plugins/instances/init.php @@ -92,10 +92,10 @@ class Instances extends Plugin implements IHandler { WHERE instance_id = '$id'"); foreach ($feeds['feeds'] as $feed) { - $feed_url = db_escape_string($feed['feed_url']); - $title = db_escape_string($feed['title']); - $subscribers = db_escape_string($feed['subscribers']); - $site_url = db_escape_string($feed['site_url']); + $feed_url = db_escape_string($this->link, $feed['feed_url']); + $title = db_escape_string($this->link, $feed['title']); + $subscribers = db_escape_string($this->link, $feed['subscribers']); + $site_url = db_escape_string($this->link, $feed['site_url']); db_query($link, "INSERT INTO ttrss_linked_feeds (feed_url, site_url, title, subscribers, instance_id, created, updated) @@ -167,16 +167,16 @@ class Instances extends Plugin implements IHandler { } function remove() { - $ids = db_escape_string($_REQUEST['ids']); + $ids = db_escape_string($this->link, $_REQUEST['ids']); db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE id IN ($ids)"); } function add() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "BEGIN"); @@ -195,7 +195,7 @@ class Instances extends Plugin implements IHandler { } function edit() { - $id = db_escape_string($_REQUEST["id"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE id = '$id'"); @@ -253,9 +253,9 @@ class Instances extends Plugin implements IHandler { } function editSave() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "UPDATE ttrss_linked_instances SET access_key = '$access_key', access_url = '$access_url', @@ -277,7 +277,7 @@ class Instances extends Plugin implements IHandler { print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">"; - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "access_url"; @@ -364,7 +364,7 @@ class Instances extends Plugin implements IHandler { function fbexport() { - $access_key = db_escape_string($_POST["key"]); + $access_key = db_escape_string($this->link, $_POST["key"]); // TODO: rate limit checking using last_connected $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances diff --git a/plugins/mail/init.php b/plugins/mail/init.php index 30a417a1b..a4817a15d 100644 --- a/plugins/mail/init.php +++ b/plugins/mail/init.php @@ -30,7 +30,7 @@ class Mail extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $secretkey = sha1(uniqid(rand(), true)); @@ -181,7 +181,7 @@ class Mail extends Plugin { if (!$rc) { $reply['error'] = $mail->ErrorInfo; } else { - save_email_address($this->link, db_escape_string($destination)); + save_email_address($this->link, db_escape_string($this->link, $destination)); $reply['message'] = "UPDATE_COUNTERS"; } @@ -193,7 +193,7 @@ class Mail extends Plugin { } function completeEmails() { - $search = db_escape_string($_REQUEST["search"]); + $search = db_escape_string($this->link, $_REQUEST["search"]); print "<ul>"; diff --git a/plugins/mailto/init.php b/plugins/mailto/init.php index 8d175ae1c..e140bbea7 100644 --- a/plugins/mailto/init.php +++ b/plugins/mailto/init.php @@ -30,7 +30,7 @@ class MailTo extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); require_once "lib/MiniTemplator.class.php"; diff --git a/plugins/note/init.php b/plugins/note/init.php index 83db94248..7e8cfb57f 100644 --- a/plugins/note/init.php +++ b/plugins/note/init.php @@ -29,7 +29,7 @@ class Note extends Plugin { } function edit() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $result = db_query($this->link, "SELECT note FROM ttrss_user_entries WHERE ref_id = '$param' AND owner_uid = " . $_SESSION['uid']); @@ -58,8 +58,8 @@ class Note extends Plugin { } function setNote() { - $id = db_escape_string($_REQUEST["id"]); - $note = trim(strip_tags(db_escape_string($_REQUEST["note"]))); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"]))); db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note' WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); diff --git a/plugins/nsfw/init.php b/plugins/nsfw/init.php index 9aadde4dd..247d56a1e 100644 --- a/plugins/nsfw/init.php +++ b/plugins/nsfw/init.php @@ -91,7 +91,7 @@ class NSFW extends Plugin { } function save() { - $tags = explode(",", db_escape_string($_POST["tags"])); + $tags = explode(",", db_escape_string($this->link, $_POST["tags"])); $tags = array_map("trim", $tags); $tags = array_map("mb_strtolower", $tags); $tags = join(", ", $tags); diff --git a/plugins/owncloud/init.php b/plugins/owncloud/init.php index 48377e9d9..5d215b386 100644 --- a/plugins/owncloud/init.php +++ b/plugins/owncloud/init.php @@ -20,7 +20,7 @@ class OwnCloud extends Plugin { } function save() { - $owncloud_url = db_escape_string($_POST["owncloud_url"]); + $owncloud_url = db_escape_string($this->link, $_POST["owncloud_url"]); $this->host->set($this, "owncloud", $owncloud_url); echo "Value set to $owncloud_url"; } @@ -75,7 +75,7 @@ class OwnCloud extends Plugin { } function getOwnCloud() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/pinterest/init.php b/plugins/pinterest/init.php index 96c730e84..11fe64eb5 100644 --- a/plugins/pinterest/init.php +++ b/plugins/pinterest/init.php @@ -32,7 +32,7 @@ class Pinterest extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/pocket/init.php b/plugins/pocket/init.php index 688a6258d..e96d08001 100644 --- a/plugins/pocket/init.php +++ b/plugins/pocket/init.php @@ -33,7 +33,7 @@ class Pocket extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/share/init.php b/plugins/share/init.php index f52d2a4fa..a3dc35224 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -28,7 +28,7 @@ class Share extends Plugin { } function shareArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); @@ -41,7 +41,7 @@ class Share extends Plugin { $ref_id = db_fetch_result($result, 0, "ref_id"); if (!$uuid) { - $uuid = db_escape_string(sha1(uniqid(rand(), true))); + $uuid = db_escape_string($this->link, sha1(uniqid(rand(), true))); db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); } diff --git a/plugins/tweet/init.php b/plugins/tweet/init.php index 2d20c7187..bbcf7836c 100644 --- a/plugins/tweet/init.php +++ b/plugins/tweet/init.php @@ -32,7 +32,7 @@ class Tweet extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries |